informa
/
Vulnerabilities/Threats
News

EPL Releases February Survey

Exploit Prevention Labs released the results of its February 2007 Exploit Prevalence Survey

ATLANTA -- Exploit Prevention Labs (http://www.explabs.com), a leading developer of safe surfing software that protects against phishing, social engineering and other web-based exploits, today released the results of its February 2007 Exploit Prevalence SurveyT. Now in its tenth month, the Exploit Prevalence Survey is the industry's only survey to use real-world data to definitively measure the most widespread web-borne exploits. Results are derived from automated reports submitted by users of Exploit Prevention Labs' LinkScanner family of safe surfing applications, combined with data collected from all levels of the company's multi-faceted research network.

Roger Thompson, CTO of Exploit Prevention Labs and author of the monthly Exploit Prevalence Survey, noted steady activity among cybercriminals in February. For the third consecutive month, the Q406 Roll-up exploit package captured the survey's number one spot with 35.17 percent of all occurrences. The package's overall occurrences dropped significantly from its 61.23 percent level in January, but not enough to surrender the number one position. The package consists of updated versions of exploits issued during the fourth quarter of 2006.

According to Thompson, the most common exploits in the package are Setslice,

VML and XML, all of which were derived from proof-of-concepts released by HD

Moore during his Month of Browser Bugs in September 2006. Also included in the package is the IE Com CreateObject exploit, originally released as a proof of concept in August, and which occupied November's number one ranking with

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5